FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

p7zip-codec-rar -- insufficient error handling

Affected packages
p7zip-codec-rar < 16.02_1

Details

VuXML ID 7a2e0063-0e4e-11e8-94c0-5453ed2e2b49
Discovery 2018-01-23
Entry 2018-02-10

MITRE reports:

Insufficient exception handling in the method NCompress::NRar3::CDecoder::Code of 7-Zip before 18.00 and p7zip can lead to multiple memory corruptions within the PPMd code, alows remote attackers to cause a denial of service (segmentation fault) or execute arbitrary code via a crafted RAR archive.

References

CVE Name CVE-2018-5996
URL https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5996
URL https://landave.io/2018/01/7-zip-multiple-memory-corruptions-via-rar-and-zip/
URL https://nvd.nist.gov/vuln/detail/CVE-2018-5996